sherpa-onnx-tts
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the Sherpa-ONNX runtime and Piper-based VITS voice models from the official k2-fsa organization on GitHub.
- [COMMAND_EXECUTION]: The wrapper script uses `spawnSync` to call the local Sherpa-ONNX binary. It uses an argument array, which prevents shell-based command injection.
- [COMMAND_EXECUTION]: At runtime, the script configures the environment's library path to point to the downloaded runtime's libraries, which is a standard procedure for running portable binaries.
Audit Metadata